IETF Logo Mail Archive

Re: [Pqc] WG adoption call for draft-hale-pquip-hybrid-signature-spectrums

Wang Guilin <Wang.Guilin@huawei.com> Mon, 04 March 2024 06:28 UTC

Return-Path: <Wang.Guilin@huawei.com>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 422E8C14F615 for <pqc@ietfa.amsl.com>; Sun, 3 Mar 2024 22:28:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id basIOiI94Bx8 for <pqc@ietfa.amsl.com>; Sun, 3 Mar 2024 22:28:17 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 270A9C14F603 for <pqc@ietf.org>; Sun, 3 Mar 2024 22:28:17 -0800 (PST)
Received: from mail.maildlp.com (unknown [172.18.186.216]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Tp7tJ5CMhz6J9TW for <pqc@ietf.org>; Mon, 4 Mar 2024 14:23:20 +0800 (CST)
Received: from lhrpeml100004.china.huawei.com (unknown [7.191.162.219]) by mail.maildlp.com (Postfix) with ESMTPS id BBADF1400C9 for <pqc@ietf.org>; Mon, 4 Mar 2024 14:28:13 +0800 (CST)
Received: from sinpeml100003.china.huawei.com (7.188.192.63) by lhrpeml100004.china.huawei.com (7.191.162.219) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 4 Mar 2024 06:28:12 +0000
Received: from sinpeml500005.china.huawei.com (7.188.193.102) by sinpeml100003.china.huawei.com (7.188.192.63) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 4 Mar 2024 14:28:11 +0800
Received: from sinpeml500005.china.huawei.com ([7.188.193.102]) by sinpeml500005.china.huawei.com ([7.188.193.102]) with mapi id 15.01.2507.035; Mon, 4 Mar 2024 14:28:11 +0800
From: Wang Guilin <Wang.Guilin@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "pqc@ietf.org" <pqc@ietf.org>
CC: Wang Guilin <Wang.Guilin@huawei.com>
Thread-Topic: [Pqc] WG adoption call for draft-hale-pquip-hybrid-signature-spectrums
Thread-Index: AQHaaJKOKHHgegnP7Em4JG/u90rwNrEmC8+AgAAOiwCAAAy4gIAA/0BA
Date: Mon, 04 Mar 2024 06:28:11 +0000
Message-ID: <d6bcf4134b4b4a5bb24319d683c06ab8@huawei.com>
References: <20240303221906.1680306.qmail@cr.yp.to> <dc041ae5-af24-454d-a96a-2f2d300ddf37@cs.tcd.ie>
In-Reply-To: <dc041ae5-af24-454d-a96a-2f2d300ddf37@cs.tcd.ie>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.194.120.72]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/4lrX3hqd9YBWlo4w7IX1cP3Woqg>
Subject: Re: [Pqc] WG adoption call for draft-hale-pquip-hybrid-signature-spectrums
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 06:28:19 -0000

I would like to support adoption, as this is seemingly very important for hybrid certificates, at least. 

In particular, it will be interesting to see how some properties, especially weak or strong non-separability, are related to the different applications for hybrid signatures: certificates, message authentication, identity authentication, and maybe more. 

Guilin

-----Original Message-----
From: Pqc <pqc-bounces@ietf.org> On Behalf Of Stephen Farrell
Sent: Monday, 4 March 2024 7:05 am
To: pqc@ietf.org
Subject: Re: [Pqc] WG adoption call for draft-hale-pquip-hybrid-signature-spectrums


Hiya,

On 03/03/2024 22:19, D. J. Bernstein wrote:
> Section 1.3 discusses "why hybrid digital signatures are desirable for 
> _some_  applications" (emphasis added). The text distinguishes 
> different applications and includes the most obvious considerations. 
> So I think the high-level issue is addressed.
> 
> Obviously the more detailed text still needs some work, but, given 
> that the current question is about adoption rather than consensus, I'd 
> say yes.

It's fair enough to be optimistic the the issues will be addressed after adoption, but I'm not in that place myself - I see a lot of people who seem to be convinced that hybrid sigs ought be used as the default for PQ-sigs without IMO that having been justified. So I am explicitly concerned that adoption as-is could mean minimising or ignoring the issues here, subsequently causing issues in other WGs when they discuss PQ-sigs . (BTW that's without accusing anyone of any bad faith, I just disagree with the conclusions some hybrid sig enthusiasts seem to have reached:-)

That said, it would not take many words to be clear that this is not a slam-dunk topic, but rather is one where at least some people who are not clueless have a negative opinion of hybrid sigs, (esp if proposed as the typical way of incorporating PQ-sigs), and that work is needed for this document to properly analyse the situation.

Cheers,
S.

v2.23.0 | Report a Bug | By Email